Healthcare Insurance Portability And Accountability Act & Privacy Officer

Abstract

In this paper, we discuss the role of the privacy officer in the healthcare center. We also analyze the policies of HIPAA as discussed with the privacy officer during an interview. Further, we address the area of personnel management and how personnel must be managed to protect the privacy of patients' information.

Table of Contents

Abstract

Introduction

Discussion

Personnel and Privacy Issues Management

Access Control

Security Breaches

Barriers and Issues

Computer Benefits and the Challenges of Compliance

Conclusion

References

Appendix

Consent Form

Interview Questions

Introduction

Since April 21, 2005, the healthcare industry has been required to comply with the Healthcare Insurance Portability and Accountability Act (HIPAA) Final Security Rules on the use of computers in the healthcare industry. The U.S. Department of Health & Human Services Office for Civil Rights (2003) stated that the purpose and intent of HIPAA are “to improve the efficiency and effectiveness of the healthcare system” by requiring the U.S. Department of Health & Human Services to implement national standards for healthcare transactions. The Office for Civil Rights credited Congress with recognizing the increased need for privacy and security of electronic healthcare information, which led to requirements for health care organizations (HCOs) to meet the HIPAA Final Security Rules (Pickering 2003).

Although these regulations allude to compliance practices, the HIPAA rules are unique in that they specify required computer security safeguards to be used by all healthcare-related entities covered by the law. HIPAA provides special regulations for healthcare businesses large or small, including private ownerships, partnerships, small corporations, institutions, or publicly traded businesses. The covered entities include HMOs, healthcare insurance providers, home care services, wheelchair and other prosthesis providers, diagnostic labs, and more. HIPAA also requires these covered entities to ensure that all business associates that support healthcare services, including information technology (IT) providers, couriers, and facility support companies, also implement HIPAA-compliant computer safeguards (Pace et al. 2005).

HIPAA increases the vulnerability of healthcare providers to lawsuits or legal consequences. Under HIPAA it is no longer necessary for complainants to prove that harm resulted from a defendant's noncompliance or actions. For example, California fined Kaiser Foundation Health Plan $200,000 for having approximately 150 patient records posted on their website. Due to the new regulations, a fine was imposed even though no harm was known to have occurred to any patient and even though the records had been on the site since 1999, well before the enactment of HIPAA. Note that consequences for noncompliance have been made much more likely because, since April 25, 2005, it has been possible for complaints to be made using the Administrative Simplification Enforcement Tool, a web-based application that enables individuals or organizations to file a complaint against a healthcare provider, health plan, or clearinghouse for potential noncompliance with HIPAA requirements (Kouzoukas 2002).

In this paper, we discuss the role of the privacy officer in the healthcare center. We also analyze what security measures must be taken by hospitals for ...